Go to main content

Managing Auditing in Oracle® Solaris 11.4

Exit Print View

Updated: November 2020
 
 

Index

Numbers and Symbols

+ (plus sign) in audit class prefixes
index iconAudit Class Syntax
index iconHow to Configure syslog for the audit_syslog Plugin
- (minus sign)
audit class prefixindex iconAudit Class Syntax
[] (square brackets)
auditrecord outputindex iconAudit Record Analysis
^ (caret)
audit class prefix modifierindex iconAudit Class Syntax
in audit class prefixesindex iconHow to Configure a User's Audit Characteristics

A

ACLs
setting audit entriesindex iconSetting Audit ACL Entries
(example of)index iconSetting Audit ACL Entries
active audit policy
temporary audit policyindex iconHow to Change Audit Policy
adding
audit classesindex iconHow to Add an Audit Class
audit file systemsindex iconHow to Create ZFS File Systems for Audit Files
audit policyindex iconHow to Change Audit Policy
auditing
of individual users
index iconVolume of Audit Records Is Large
index iconHow to Configure a User's Audit Characteristics
of zonesindex iconConcepts in Planning Auditing
plugins
auditing
index iconHow to Send Audit Files to a Remote Repository
index iconHow to Configure a Remote Repository for Audit Files
index iconHow to Configure syslog for the audit_syslog Plugin
temporary audit policyindex iconSetting a Temporary Audit Policy
admhist command
index iconNew Feature – Viewing a Summary of Audit Records
index iconNew Feature – Filtering Audit Records by Functional Area
index iconNew Feature – Per-Privilege Logging of Audit Events
administering auditing
audit -s command
index iconExample: Configuring Oracle Solaris Auditing
index iconEnabling and Disabling the Audit Service
audit -t commandindex iconEnabling and Disabling the Audit Service
audit classesindex iconAudit Classes and Preselection
audit eventsindex iconAudit Events
audit filesindex iconViewing the Contents of Binary Audit Files
audit recordsindex iconAudit Records and Audit Tokens
audit trail overflow preventionindex iconPreventing Audit Trail Overflow
audit_remote plugin
index iconHow to Send Audit Files to a Remote Repository
index iconHow to Configure a Remote Repository for Audit Files
audit_syslog pluginindex iconHow to Configure syslog for the audit_syslog Plugin
auditconfig command
index iconHow to Preselect Audit Classes
index iconConfiguring the Audit Service
auditreduce commandindex iconHow to Merge Audit Files From the Audit Trail
configuringindex iconConfiguring the Audit Service
cost controlindex iconControlling Auditing Costs
descriptionindex iconFlow of Auditing
disablingindex iconEnabling and Disabling the Audit Service
efficiencyindex iconAuditing Efficiently
enablingindex iconEnabling and Disabling the Audit Service
in zones
index iconAuditing and Oracle Solaris Zones
index iconConfiguring the Audit Service in Zones
index iconPlanning Auditing in Zones
index iconAuditing on a System With Oracle Solaris Zones
plugins
index iconHow to Send Audit Files to a Remote Repository
index iconHow to Configure a Remote Repository for Audit Files
policyindex iconHow to Change Audit Policy
praudit commandindex iconViewing the Contents of Binary Audit Files
reducing space requirementsindex iconCost of Storage of Audit Data
refreshingindex iconExample: Configuring Oracle Solaris Auditing
reportsindex iconUsing Oracle Audit Vault and Database Firewall for Storage and Analysis of Audit Records
rights profiles requiredindex iconRights Profiles for Administering Auditing
ahlt audit policy
descriptionindex iconEffects of Audit Policy Options
settingindex iconSetting the ahlt Audit Policy Option
with cnt policyindex iconAudit Policies for Asynchronous and Synchronous Events
all audit class
caution for usingindex iconAudit Classes
always-audit classes
process preselection maskindex iconProcess Audit Characteristics
Analytics
auditing data andindex iconNew Feature – Displaying Auditing Data Graphically
annotationsindex iconNew Feature – Annotating Reason for Access in the Audit Record
configuring
for authenticated rights profilesindex iconConfiguring Annotation for Specific Users
for rights profilesindex iconConfiguring Annotation for Specific Users
for specific usersindex iconConfiguring Annotation for Specific Users
configuring for all usersindex iconConfiguring Annotation for All Users
PAM supportindex iconPAM Supports Annotation of Logins
tracking in an audit trailindex iconTracking Annotations in an Audit Trail
archiving
audit filesindex iconPreventing Audit Trail Overflow
arge audit policy
descriptionindex iconEffects of Audit Policy Options
settingindex iconHow to Audit All Commands by Users
argv audit policy
descriptionindex iconEffects of Audit Policy Options
settingindex iconHow to Audit All Commands by Users
ARS
  Seeindex iconaudit remote server
  Seeindex iconaudit remote server
asynchronous audit eventsindex iconAudit Policies for Asynchronous and Synchronous Events
audit -s command
index iconExample: Configuring Oracle Solaris Auditing
index iconExample: Configuring Oracle Solaris Auditing
index iconEnabling and Disabling the Audit Service
audit -t commandindex iconEnabling and Disabling the Audit Service
audit characteristics
audit user IDindex iconProcess Audit Characteristics
processesindex iconProcess Audit Characteristics
session IDindex iconProcess Audit Characteristics
terminal IDindex iconProcess Audit Characteristics
user process preselection maskindex iconProcess Audit Characteristics
audit classes
addingindex iconHow to Add an Audit Class
configurationindex iconAudit Classes
cusaindex iconCollecting Audit Records for External Auditors
description
index iconAudit Events
index iconAudit Terminology and Concepts
displaying configuredindex iconNew Feature – Listing the Available Audit Classes
displaying defaultsindex iconDisplaying Audit Service Defaults
exceptions to system-wide settingsindex iconAudit Classes and Preselection
mapping eventsindex iconAudit Classes and Preselection
modifying defaultindex iconHow to Add an Audit Class
overviewindex iconAudit Classes and Preselection
pe audit classindex iconNew Feature – Per-Privilege Logging of Audit Events
per-plugin configurationindex iconNew Feature – Flexible Per-Plugin Configuration of Audit Classes
post-selectionindex iconAudit Terminology and Concepts
prefixesindex iconAudit Class Syntax
preselecting
effect on public objectsindex iconAudit Terminology and Concepts
for failure
index iconSpecifying Audit Classes for syslog Output
index iconHow to Configure syslog for the audit_syslog Plugin
index iconModifying Audit Preselection Exception for One User
for success
index iconSpecifying Audit Classes for syslog Output
index iconHow to Configure syslog for the audit_syslog Plugin
index iconModifying Audit Preselection Exception for One User
for success and failureindex iconHow to Preselect Audit Classes
preselectionindex iconAudit Terminology and Concepts
process preselection maskindex iconProcess Audit Characteristics
replacingindex iconHow to Preselect Audit Classes
sstore
index iconViewing Audit Data in the Statistics Store
index iconNew Feature – Displaying Auditing Data Graphically
index iconsstore Audit Meta-Class
syntax
index iconAudit Class Syntax
index iconAudit Classes
user exceptionsindex iconHow to Configure a User's Audit Characteristics
Audit Configuration rights profile
index iconRights Profiles for Administering Auditing
index iconHow to Audit All Commands by Users
index iconHow to Add an Audit Class
index iconHow to Change Audit Policy
index iconHow to Preselect Audit Classes
index iconNew Feature – Refreshing the auditset SMF Service After Changing Event-Class Mappings
displaying auditing defaultsindex iconDisplaying Audit Service Defaults
Audit Control rights profile
index iconRights Profiles for Administering Auditing
index iconHow to Compress Audit Files on a Dedicated File System
index iconEnabling and Disabling the Audit Service
refreshing audit serviceindex iconExample: Configuring Oracle Solaris Auditing
audit directory
creating file systems forindex iconHow to Create ZFS File Systems for Audit Files
audit event-to-class mappings
changingindex iconHow to Change an Audit Event's Class Membership
audit events
asynchronous
index iconAudit Policies for Asynchronous and Synchronous Events
index iconAudit Events
attributableindex iconAudit Events
audit_event file andindex iconAudit Events
changing class membershipindex iconHow to Change an Audit Event's Class Membership
descriptionindex iconAudit Events
logging
index iconSpecifying Files or Directories to Be Audited
index iconNew Feature – Per-Object Logging of Audit Events
mapping to classesindex iconAudit Classes and Preselection
non-attributableindex iconAudit Events
removing from audit_event fileindex iconHow to Prevent the Auditing of Specific Events
selecting from audit trailindex iconSelecting Audit Events to Be Displayed
selecting from audit trail in zonesindex iconAuditing and Oracle Solaris Zones
selecting multiple eventsindex iconNew Feature – Reviewing Multiple Audit Events
summaryindex iconAudit Terminology and Concepts
synchronous
index iconAudit Policies for Asynchronous and Synchronous Events
index iconAudit Events
verified boot impactindex iconNew Feature – Auditing Verified Boot
viewing from binary filesindex iconViewing the Contents of Binary Audit Files
audit file system
descriptionindex iconAudit Terminology and Concepts
audit files
combiningindex iconHow to Merge Audit Files From the Audit Trail
compressing on diskindex iconHow to Compress Audit Files on a Dedicated File System
copying messages to single fileindex iconMerging Selected Records to a Single File
creating summary files
index iconMerging Selected Records to a Single File
index iconCopying One User's Audit Records to a Summary File
index iconCombining and Reducing Audit Files
effects of Coordinated Universal Time (UTC)index iconHow to Merge Audit Files From the Audit Trail
limiting size ofindex iconBinary Audit File Sizes Grow Without Limit
managingindex iconPreventing Audit Trail Overflow
printingindex iconPrinting the Entire Audit Trail
reading with prauditindex iconViewing the Contents of Binary Audit Files
reducing size ofindex iconHow to Merge Audit Files From the Audit Trail
reducing space requirementsindex iconCost of Storage of Audit Data
reducing storage-space requirementsindex iconAuditing Efficiently
setting aside disk space forindex iconHow to Create ZFS File Systems for Audit Files
time stampsindex iconConventions for Binary Audit File Names
ZFS file systems
index iconHow to Create ZFS File Systems for Audit Files
index iconHow to Compress Audit Files on a Dedicated File System
audit flags
setting and displayingindex iconNew Feature – Auditing Events Temporarily
summary ofindex iconAudit Terminology and Concepts
audit logs  See Alsoindex iconaudit files
comparing binary and text summariesindex iconAudit Logs
configuringindex iconConfiguring Local Audit Logs
configuring text summary audit logsindex iconHow to Configure syslog for the audit_syslog Plugin
modesindex iconAudit Logs
audit plugins
audit_binfile pluginindex iconConfiguring Audit Space for the Audit Trail and Audit Files
audit_remote plugin
index iconHow to Send Audit Files to a Remote Repository
index iconHow to Configure a Remote Repository for Audit Files
audit_syslog pluginindex iconHow to Configure syslog for the audit_syslog Plugin
descriptionindex iconAudit Terminology and Concepts
summary of
index iconAudit Plugins
index iconAudit Service Man Pages
audit policy
audit tokens fromindex iconAudit Policy
defaultsindex iconUnderstanding Audit Policy
descriptionindex iconAudit Terminology and Concepts
displaying defaultsindex iconDisplaying Audit Service Defaults
effects ofindex iconUnderstanding Audit Policy
publicindex iconEffects of Audit Policy Options
settingindex iconHow to Change Audit Policy
setting ahltindex iconSetting the ahlt Audit Policy Option
setting argeindex iconHow to Audit All Commands by Users
setting argvindex iconHow to Audit All Commands by Users
setting in global zone
index iconAuditing and Oracle Solaris Zones
index iconAuditing on a System With Oracle Solaris Zones
setting perzoneindex iconSetting the perzone Audit Policy
that does not affect tokensindex iconAudit Policy
tokens added byindex iconAudit Policy
audit preselection mask
modifying for existing usersindex iconHow to Update the Preselection Mask of Logged In Users
modifying for individual usersindex iconHow to Configure a User's Audit Characteristics
audit queue
events includedindex iconAudit Classes and Preselection
audit queue controls
displaying defaultsindex iconDisplaying Audit Service Defaults
audit records
/var/adm/auditlog fileindex iconHow to Configure syslog for the audit_syslog Plugin
adding annotationsindex iconNew Feature – Annotating Reason for Access in the Audit Record
converting to readable formatindex iconViewing a Specific Audit File
copying to single fileindex iconMerging Selected Records to a Single File
descriptionindex iconAudit Terminology and Concepts
displayingindex iconViewing the Contents of Binary Audit Files
displaying definitions of
procedureindex iconDisplaying Audit Record Definitions
displaying formats of a programindex iconDisplaying the Audit Record Definitions of a Program
displaying formats of an audit classindex iconDisplaying the Audit Record Definitions of an Audit Class
displaying in XML formatindex iconPutting Audit Records in XML Format
displaying summary of successful privileged execution records
index iconNew Feature – Viewing a Summary of Audit Records
index iconNew Feature – Filtering Audit Records by Functional Area
index iconNew Feature – Per-Privilege Logging of Audit Events
events that generateindex iconHow Does Auditing Work?
formatindex iconAudit Record Structure
formatting exampleindex iconDisplaying Audit Record Definitions
mergingindex iconHow to Merge Audit Files From the Audit Trail
overviewindex iconAudit Records and Audit Tokens
policies that add tokens toindex iconAudit Policy
reducing audit file sizeindex iconHow to Merge Audit Files From the Audit Trail
sequence of tokensindex iconAudit Record Structure
audit remote server
configuringindex iconHow to Configure a Remote Repository for Audit Files
description ofindex iconAudit Remote Server
managingindex iconManaging the Audit Remote Server
sending files toindex iconHow to Send Audit Files to a Remote Repository
Audit Review rights profile
index iconRights Profiles for Administering Auditing
index iconNew Feature – Displaying Auditing Data Graphically
audit service  See Alsoindex iconauditing
administrative audit eventsindex iconHow to Audit Significant Events in Addition to Login/Logout
audit trail creationindex iconAudit Trail
auditing privileged usersindex iconHow to Audit Significant Events in Addition to Login/Logout
configuring policyindex iconHow to Change Audit Policy
cusa audit classindex iconHow to Audit Significant Events in Addition to Login/Logout
defaultsindex iconAudit Service
disablingindex iconEnabling and Disabling the Audit Service
enablingindex iconEnabling and Disabling the Audit Service
policyindex iconUnderstanding Audit Policy
refreshing the kernelindex iconExample: Configuring Oracle Solaris Auditing
significant event auditingindex iconHow to Audit Significant Events in Addition to Login/Logout
troubleshootingindex iconAudit Records Are Not Being Logged
audit session ID
definitionindex iconProcess Audit Characteristics
overviewindex iconWhat Is Auditing?
audit tagsindex iconNew Feature – Filtering Audit Records by Functional Area
audit tokens  See Alsoindex iconindividual audit token names
added by audit policyindex iconAudit Policy
audit record formatindex iconAudit Record Structure
description
index iconAudit Records and Audit Tokens
index iconAudit Terminology and Concepts
formatindex iconAudit Token Formats
audit trail
adding disk spaceindex iconConfiguring Audit Space for the Audit Trail and Audit Files
analysis costsindex iconCost of Analysis of Audit Data
cleaning up not_terminated filesindex iconHow to Clean Up a not_terminated Audit File
creating summary files
index iconCopying One User's Audit Records to a Summary File
index iconCombining and Reducing Audit Files
descriptionindex iconAudit Terminology and Concepts
effect of audit policyindex iconUnderstanding Audit Policy
including annotationsindex iconNew Feature – Annotating Reason for Access in the Audit Record
monitoring in real timeindex iconAuditing Efficiently
overviewindex iconFlow of Auditing
preventing overflowindex iconPreventing Audit Trail Overflow
reducing size of
index iconVolume of Audit Records Is Large
index iconHow to Compress Audit Files on a Dedicated File System
restricting access using labelsindex iconNew Feature – Restricting Access to Audit Records With File Labeling
selecting events fromindex iconSelecting Audit Events to Be Displayed
sending files to remote repository
index iconHow to Send Audit Files to a Remote Repository
index iconHow to Configure a Remote Repository for Audit Files
tracking annotationsindex iconTracking Annotations in an Audit Trail
viewing events fromindex iconViewing the Contents of Binary Audit Files
viewing events from different zonesindex iconAuditing and Oracle Solaris Zones
audit user ID
mechanismindex iconProcess Audit Characteristics
overviewindex iconWhat Is Auditing?
audit.notice entry
syslog.conf fileindex iconHow to Configure syslog for the audit_syslog Plugin
audit command
disabling audit serviceindex iconEnabling and Disabling the Audit Service
optionsindex iconAudit Service Man Pages
refreshing audit serviceindex iconExample: Configuring Oracle Solaris Auditing
audit_binfile pluginindex iconAudit Plugin Modules
getting attributes
index iconSpecifying Several Changes to an Audit Plugin
index iconLimiting File Size for the audit_binfile Plugin
limiting audit file sizeindex iconLimiting File Size for the audit_binfile Plugin
setting attributesindex iconConfiguring Audit Space for the Audit Trail and Audit Files
setting free space warningindex iconSetting a Soft Limit for Warnings
specifying time for log rotationindex iconSpecifying Time for Log Rotation
audit_class file
adding a classindex iconHow to Add an Audit Class
troubleshootingindex iconCreating a New Audit Class
audit_event file
changing class membershipindex iconHow to Change an Audit Event's Class Membership
descriptionindex iconAudit Events
removing events safelyindex iconHow to Prevent the Auditing of Specific Events
audit_flags keyword
index iconHow to Audit Significant Events in Addition to Login/Logout
index iconHow to Configure a User's Audit Characteristics
specifying user exceptions to audit preselectionindex iconHow to Configure a User's Audit Characteristics
useindex iconAudit Class Syntax
using caret (^) prefixindex iconModifying Audit Preselection Exception for One User
audit_remote pluginindex iconAudit Plugin Modules
configuringindex iconHow to Configure a Remote Repository for Audit Files
getting attributes
index iconHow to Send Audit Files to a Remote Repository
index iconHow to Configure a Remote Repository for Audit Files
setting attributes
index iconHow to Send Audit Files to a Remote Repository
index iconHow to Configure a Remote Repository for Audit Files
troubleshooting audit queue overfullindex iconTuning the Audit Queue Buffer Size
audit_syslog pluginindex iconAudit Plugin Modules
setting attributesindex iconHow to Configure syslog for the audit_syslog Plugin
audit_warn script
configuringindex iconHow to Configure the audit_warn Email Alias
descriptionindex iconAudit Service Man Pages
auditconfig command
adding audit file systemsindex iconConfiguring Audit Space for the Audit Trail and Audit Files
audit classes as argumentsindex iconAudit Classes and Preselection
configuring policyindex iconHow to Change Audit Policy
descriptionindex iconAudit Service Man Pages
displaying audit defaultsindex iconDisplaying Audit Service Defaults
–getplugin option
index iconHow to Send Audit Files to a Remote Repository
index iconHow to Configure a Remote Repository for Audit Files
index iconHow to Configure syslog for the audit_syslog Plugin
–lsclass optionindex iconNew Feature – Listing the Available Audit Classes
–lsevent optionindex iconNew Feature – Listing Audit Events by Audit Class
–p_flags optionindex iconNew Feature – Flexible Per-Plugin Configuration of Audit Classes
policy optionsindex iconHow to Change Audit Policy
preselecting audit classesindex iconHow to Preselect Audit Classes
sending files to remote repository
index iconHow to Send Audit Files to a Remote Repository
index iconHow to Configure a Remote Repository for Audit Files
–setflags optionindex iconHow to Preselect Audit Classes
–setnaflags optionindex iconHow to Preselect Audit Classes
–setplugin option
index iconHow to Send Audit Files to a Remote Repository
index iconHow to Configure a Remote Repository for Audit Files
index iconHow to Configure syslog for the audit_syslog Plugin
setting active audit policyindex iconSetting a Temporary Audit Policy
setting audit policyindex iconHow to Audit All Commands by Users
setting audit policy temporarilyindex iconSetting a Temporary Audit Policy
setting audit_binfile attributesindex iconConfiguring Audit Space for the Audit Trail and Audit Files
setting audit_remote attributes
index iconHow to Send Audit Files to a Remote Repository
index iconHow to Configure a Remote Repository for Audit Files
setting system-wide audit parametersindex iconAudit Classes and Preselection
–t optionindex iconNew Feature – Auditing Events Temporarily
viewing default audit preselectionindex iconHow to Preselect Audit Classes
auditd daemon
refreshing audit serviceindex iconExample: Configuring Oracle Solaris Auditing
auditing
adding audit flags to a group of usersindex iconCreating a Rights Profile for a Group of Users
all commands by usersindex iconHow to Audit All Commands by Users
analysisindex iconUsing Oracle Audit Vault and Database Firewall for Storage and Analysis of Audit Records
audit remote serverindex iconManaging the Audit Remote Server
auditors' perspectiveindex iconBest Practices for Auditing Core System Files
changes in current releaseindex iconWhat's New in the Audit Service in Oracle Solaris 11.4
configuring
all zonesindex iconConfiguring the Audit Service
global zoneindex iconSetting the ahlt Audit Policy Option
identically for all zonesindex iconHow to Configure All Zones Identically for Auditing
per zoneindex iconHow to Configure Per-Zone Auditing
configuring in global zoneindex iconImplementing One Audit Service for All Zones
crontab editingS failureindex iconcrontab File Editing Fails With Audit Context Error
crontab filesindex iconcrontab File Editing Fails With Audit Context Error
customizingindex iconSelecting What Is Audited
default configurationindex iconDefault Configuration of the Audit Service
defaultsindex iconAudit Service
determining if runningindex iconAudit Records Are Not Being Logged
disablingindex iconEnabling and Disabling the Audit Service
enablingindex iconEnabling and Disabling the Audit Service
finding changes to specific filesindex iconHow to Find Audit Records of Changes to Specific Files
local definitionindex iconAudit Terminology and Concepts
loginsindex iconLogins From Other Operating Systems Not Being Audited
man page summariesindex iconAudit Service Man Pages
planningindex iconConcepts in Planning Auditing
planning in zonesindex iconPlanning Auditing in Zones
plugin modulesindex iconAudit Plugin Modules
plugin to Oracle Audit Vault and Database Firewallindex iconUsing Oracle Audit Vault and Database Firewall for Storage and Analysis of Audit Records
post-selection definitionindex iconAudit Terminology and Concepts
preselection definitionindex iconAudit Terminology and Concepts
remote definitionindex iconAudit Terminology and Concepts
reportsindex iconUsing Oracle Audit Vault and Database Firewall for Storage and Analysis of Audit Records
rights profiles forindex iconRights Profiles for Administering Auditing
sftp file transfersindex iconHow to Audit FTP and SFTP File Transfers
troubleshootingindex iconTroubleshooting the Audit Service
troubleshooting praudit commandindex iconProcessing praudit Output With a Script
updating information
index iconExample: Configuring Oracle Solaris Auditing
index iconExample: Configuring Oracle Solaris Auditing
zones and
index iconAuditing and Oracle Solaris Zones
index iconAuditing on a System With Oracle Solaris Zones
auditlog file
text audit recordsindex iconHow to Configure syslog for the audit_syslog Plugin
auditrecord command
[] (square brackets) in outputindex iconAudit Record Analysis
checking verified boot settingsindex iconNew Feature – Auditing Verified Boot
descriptionindex iconAudit Service Man Pages
displaying audit record definitionsindex iconDisplaying Audit Record Definitions
exampleindex iconDisplaying Audit Record Definitions
listing all formatsindex iconDisplaying Audit Record Definitions
listing formats of classindex iconDisplaying the Audit Record Definitions of an Audit Class
listing formats of programindex iconDisplaying the Audit Record Definitions of a Program
optional tokens ([])index iconAudit Record Analysis
auditreduce command
–A optionindex iconCopying Audit Files to a Summary File
auditing verified boot eventsindex iconNew Feature – Auditing Verified Boot
–b optionindex iconCombining and Reducing Audit Files
–c option
index iconMerging Selected Records to a Single File
index iconMerging Selected Records to a Single File
–C optionindex iconCopying Audit Files to a Summary File
cleaning up audit filesindex iconHow to Clean Up a not_terminated Audit File
–d optionindex iconMerging Selected Records to a Single File
–D optionindex iconCopying Audit Files to a Summary File
descriptionindex iconAudit Service Man Pages
–e optionindex iconCopying One User's Audit Records to a Summary File
examplesindex iconHow to Merge Audit Files From the Audit Trail
filtering optionsindex iconSelecting Audit Events to Be Displayed
–m optionindex iconNew Feature – Reviewing Multiple Audit Events
merging audit recordsindex iconHow to Merge Audit Files From the Audit Trail
–o optionindex iconTracking Annotations in an Audit Trail
–O option
index iconCopying Audit Files to a Summary File
index iconHow to Merge Audit Files From the Audit Trail
index iconCopying One User's Audit Records to a Summary File
selecting annotationsindex iconTracking Annotations in an Audit Trail
selecting audit recordsindex iconSelecting Audit Events to Be Displayed
–t optionindex iconNew Feature – Filtering Audit Records by Functional Area
time stamp useindex iconHow to Merge Audit Files From the Audit Trail
using lowercase optionsindex iconSelecting Audit Events to Be Displayed
using uppercase optionsindex iconHow to Merge Audit Files From the Audit Trail
auditstat command
descriptionindex iconAudit Service Man Pages
auid  Seeindex iconimmutable audit user ID

B

binary and remote recordsindex iconAbout Binary Records

C

caret (^)
in audit class prefixesindex iconHow to Configure a User's Audit Characteristics
using prefix in audit_flags valueindex iconModifying Audit Preselection Exception for One User
changing
audit_class fileindex iconHow to Add an Audit Class
audit_event fileindex iconHow to Change an Audit Event's Class Membership
auditing defaultsindex iconHow to Preselect Audit Classes
classes  Seeindex iconaudit classes
cleaning up
binary audit filesindex iconHow to Clean Up a not_terminated Audit File
cnt audit policy
descriptionindex iconEffects of Audit Policy Options
with ahlt policyindex iconAudit Policies for Asynchronous and Synchronous Events
combining audit files
auditreduce commandindex iconHow to Merge Audit Files From the Audit Trail
from different zonesindex iconAuditing and Oracle Solaris Zones
compressing
audit files on diskindex iconHow to Compress Audit Files on a Dedicated File System
configuration decisions
auditing
file storageindex iconPlanning Disk Space for Audit Records
policyindex iconUnderstanding Audit Policy
remote file storageindex iconPreparing to Stream Audit Records to Remote Storage
who and what to auditindex iconHow to Plan Who and What to Audit
zonesindex iconPlanning Auditing in Zones
configuration files
auditingindex iconAudit Service Man Pages
configured audit policy
permanent audit policyindex iconHow to Change Audit Policy
configuring
active audit policyindex iconSetting a Temporary Audit Policy
ahlt audit policyindex iconSetting the ahlt Audit Policy Option
audit policyindex iconHow to Change Audit Policy
audit classesindex iconHow to Preselect Audit Classes
audit logs task mapindex iconConfiguring the audit_binfile and audit_syslog Plugins
audit policyindex iconHow to Change Audit Policy
audit policy temporarilyindex iconSetting a Temporary Audit Policy
audit trail overflow preventionindex iconPreventing Audit Trail Overflow
audit_class fileindex iconHow to Add an Audit Class
audit_event fileindex iconHow to Change an Audit Event's Class Membership
audit_warn scriptindex iconHow to Configure the audit_warn Email Alias
auditingindex iconConfiguring the Audit Service
auditing in zones
index iconAuditing and Oracle Solaris Zones
index iconAuditing on a System With Oracle Solaris Zones
auditing reportsindex iconUsing Oracle Audit Vault and Database Firewall for Storage and Analysis of Audit Records
auditing task mapindex iconConfiguring the Audit Service
identical auditing for non-global zonesindex iconHow to Configure All Zones Identically for Auditing
per-zone auditingindex iconHow to Configure Per-Zone Auditing
perzone audit policyindex iconSetting the perzone Audit Policy
space for audit trailindex iconConfiguring Audit Space for the Audit Trail and Audit Files
text summaries of audit recordsindex iconHow to Configure syslog for the audit_syslog Plugin
converting
audit records to readable formatindex iconViewing a Specific Audit File
Coordinated Universal Time (UTC)
time stamp use in auditing
index iconConventions for Binary Audit File Names
index iconHow to Merge Audit Files From the Audit Trail
copying audit records to single fileindex iconMerging Selected Records to a Single File
core files
auditing changes toindex iconBest Practices for Auditing Core System Files
cost control
and auditingindex iconControlling Auditing Costs
creating
audit trailindex iconAudit Trail
rights profile for a group of usersindex iconCreating a Rights Profile for a Group of Users
storage for binary audit filesindex iconHow to Create ZFS File Systems for Audit Files
cusa audit class
index iconHow to Audit Significant Events in Addition to Login/Logout
index iconCollecting Audit Records for External Auditors

D

defaults
audit serviceindex iconAudit Service
deleting
archived audit filesindex iconPreventing Audit Trail Overflow
audit filesindex iconHow to Merge Audit Files From the Audit Trail
not_terminated audit filesindex iconHow to Clean Up a not_terminated Audit File
determining
audit ID of a userindex iconHow to Update the Preselection Mask of Logged In Users
whether auditing is runningindex iconAudit Records Are Not Being Logged
disabling
audit policyindex iconHow to Change Audit Policy
audit serviceindex iconEnabling and Disabling the Audit Service
disk space requirements
audit files
index iconHow to Create ZFS File Systems for Audit Files
index iconCost of Storage of Audit Data
displaying
audit events for specified audit flagsindex iconNew Feature – Listing Audit Events by Audit Class
audit policiesindex iconHow to Change Audit Policy
audit policy defaultsindex iconDisplaying Audit Service Defaults
audit queue controlsindex iconDisplaying Audit Service Defaults
audit record definitionsindex iconDisplaying Audit Record Definitions
audit recordsindex iconViewing the Contents of Binary Audit Files
audit records in XML formatindex iconPutting Audit Records in XML Format
auditing defaultsindex iconDisplaying Audit Service Defaults
definition of audit recordsindex iconDisplaying Audit Record Definitions
exceptions to system-wide auditingindex iconDisplaying Audit Service Defaults
selected audit recordsindex iconHow to Merge Audit Files From the Audit Trail

E

/etc/security/audit_event file
audit events andindex iconAudit Events
/etc/syslog.conf file
auditing andindex iconHow to Configure syslog for the audit_syslog Plugin
efficiency
auditing andindex iconAuditing Efficiently
enabling
audit serviceindex iconEnabling and Disabling the Audit Service
environment variables
presence in audit recordsindex iconEffects of Audit Policy Options
event
descriptionindex iconAudit Events
events
auditing significantindex iconHow to Audit Significant Events in Addition to Login/Logout
cusa audit classindex iconHow to Audit Significant Events in Addition to Login/Logout

F

failure and success events
audit class prefixindex iconAudit Class Syntax
file transfers
auditingindex iconHow to Audit FTP and SFTP File Transfers
files  See Alsoindex iconaudit files
audit_classindex iconAudit Service Man Pages
audit_eventindex iconAudit Service Man Pages
auditing modifications toindex iconHow to Find Audit Records of Changes to Specific Files
public objectsindex iconAudit Terminology and Concepts
specifying files to be audited
index iconSpecifying Files or Directories to Be Audited
index iconNew Feature – Per-Object Logging of Audit Events
filtering audit records  Seeindex iconaudit tags
flags line
process preselection maskindex iconProcess Audit Characteristics
format of audit records
auditrecord commandindex iconDisplaying Audit Record Definitions
ftp command
logging file transfersindex iconHow to Audit FTP and SFTP File Transfers

G

group audit policy
and group tokenindex iconEffects of Audit Policy Options
descriptionindex iconEffects of Audit Policy Options

H

hard disk
space requirements for auditingindex iconCost of Storage of Audit Data

I

IDs
audit
mechanismindex iconProcess Audit Characteristics
overviewindex iconWhat Is Auditing?
audit sessionindex iconProcess Audit Characteristics
immutable audit user ID
  Seeindex iconaudit user ID
  Seeindex iconaudit user ID

K

keywords
audit_flagsindex iconHow to Audit Significant Events in Addition to Login/Logout

L

labeled_only audit policy
and label tokenindex iconEffects of Audit Policy Options
descriptionindex iconEffects of Audit Policy Options
labeling
use to restrict access to audit trailindex iconNew Feature – Restricting Access to Audit Records With File Labeling
limiting
audit file sizeindex iconBinary Audit File Sizes Grow Without Limit
local auditingindex iconAudit Terminology and Concepts
log files
/var/adm/messagesindex iconTroubleshooting the Audit Service
/var/log/syslogindex iconTroubleshooting the Audit Service
audit records
index iconViewing a Specific Audit File
index iconAudit Logs
configuring for audit serviceindex iconHow to Configure syslog for the audit_syslog Plugin
logadm command
archiving text summary audit filesindex iconPreventing Audit Trail Overflow
logging
audit events
index iconSpecifying Files or Directories to Be Audited
index iconNew Feature – Per-Object Logging of Audit Events
ftp file transfersindex iconHow to Audit FTP and SFTP File Transfers
logging in
auditing loginsindex iconLogins From Other Operating Systems Not Being Audited
logins
audited for annotationindex iconPAM Supports Annotation of Logins
PAM support of annotationindex iconPAM Supports Annotation of Logins

M

Mail Management rights profileindex iconHow to Configure the audit_warn Email Alias
man pages
audit serviceindex iconAudit Service Man Pages
managing
audit files
index iconPreventing Audit Trail Overflow
index iconHow to Merge Audit Files From the Audit Trail
audit records task mapindex iconManaging Audit Records on Local Systems
audit trail overflowindex iconPreventing Audit Trail Overflow
auditing in zones
index iconAuditing and Oracle Solaris Zones
index iconAuditing on a System With Oracle Solaris Zones
mappings
events to classes (auditing)index iconAudit Classes and Preselection
mask (auditing)
description of process preselectionindex iconProcess Audit Characteristics
merging
binary audit recordsindex iconHow to Merge Audit Files From the Audit Trail
minus sign (-)
audit class prefixindex iconAudit Class Syntax
modifying
user security attributesindex iconHow to Configure a User's Audit Characteristics
monitoring
audit trail in real timeindex iconAuditing Efficiently

N

naming conventions
audit filesindex iconConventions for Binary Audit File Names
never-audit classes
process preselection maskindex iconProcess Audit Characteristics
new features
auditing enhancementsindex iconWhat's New in the Audit Service in Oracle Solaris 11.4
newaliases commandindex iconHow to Configure the audit_warn Email Alias

O

Oracle Audit Vault and Database Firewall
plugging in auditingindex iconUsing Oracle Audit Vault and Database Firewall for Storage and Analysis of Audit Records
overflow prevention
audit trailindex iconPreventing Audit Trail Overflow

P

–p_flags option  Seeindex iconauditconfig command
path audit policy
descriptionindex iconEffects of Audit Policy Options
pe audit class  Seeindex iconprivileged execution audit class
permanent audit policy
configured audit policyindex iconHow to Change Audit Policy
perzone audit policy
descriptionindex iconEffects of Audit Policy Options
settingindex iconSetting the perzone Audit Policy
using
index iconAuditing and Oracle Solaris Zones
index iconHow to Configure Per-Zone Auditing
index iconImplementing One Audit Service Per Zone
when to useindex iconAuditing on a System With Oracle Solaris Zones
planning
auditingindex iconConcepts in Planning Auditing
auditing in zonesindex iconPlanning Auditing in Zones
plugins
auditingindex iconAudit Plugin Modules
plus sign (+) in audit class prefixes
index iconAudit Class Syntax
index iconHow to Configure syslog for the audit_syslog Plugin
policies
for auditingindex iconUnderstanding Audit Policy
that add tokens to audit recordsindex iconAudit Policy
policy
audited commandsindex iconHow to Audit Significant Events in Addition to Login/Logout
policy.conf file
configuring annotationsindex iconConfiguring Annotation for All Users
post-selection in auditingindex iconAudit Terminology and Concepts
praudit command
converting audit records to readable formatindex iconViewing a Specific Audit File
descriptionindex iconAudit Service Man Pages
piping auditreduce output toindex iconPrinting the Entire Audit Trail
using in a scriptindex iconProcessing praudit Output With a Script
viewing audit recordsindex iconViewing the Contents of Binary Audit Files
XML formatindex iconPutting Audit Records in XML Format
prefixes for audit classesindex iconAudit Class Syntax
preselecting
audit classesindex iconHow to Preselect Audit Classes
preselection in auditingindex iconAudit Terminology and Concepts
preselection mask (auditing)
descriptionindex iconProcess Audit Characteristics
preventing audit trail overflowindex iconPreventing Audit Trail Overflow
printing
audit logindex iconPrinting the Entire Audit Trail
privileged execution audit classindex iconNew Feature – Per-Privilege Logging of Audit Events
process audit characteristics
audit session IDindex iconProcess Audit Characteristics
audit user IDindex iconProcess Audit Characteristics
process preselection maskindex iconProcess Audit Characteristics
terminal IDindex iconProcess Audit Characteristics
process preselection mask
descriptionindex iconProcess Audit Characteristics
processing time costs of audit serviceindex iconCost of Increased Processing Time of Audit Data
profiles
adding annotationsindex iconConfiguring Annotation for Specific Users
public directories
auditingindex iconAudit Terminology and Concepts
public objects
auditingindex iconAudit Terminology and Concepts
public audit policy
descriptionindex iconEffects of Audit Policy Options
read-only eventsindex iconEffects of Audit Policy Options

R

readable audit record format
converting audit records toindex iconViewing a Specific Audit File
reducing
audit file sizeindex iconHow to Merge Audit Files From the Audit Trail
disk space required for audit filesindex iconHow to Compress Audit Files on a Dedicated File System
storage-space requirements for audit filesindex iconAuditing Efficiently
refreshing audit serviceindex iconExample: Configuring Oracle Solaris Auditing
remote auditingindex iconAudit Terminology and Concepts
removing
audit events from audit_event fileindex iconHow to Prevent the Auditing of Specific Events
replacing preselected audit classesindex iconHow to Preselect Audit Classes
rights
audit profilesindex iconRights Profiles for Administering Auditing
Rights Delegation rights profileindex iconHow to Audit All Commands by Users
rights profiles
Audit Configuration
index iconHow to Audit All Commands by Users
index iconHow to Add an Audit Class
index iconHow to Change Audit Policy
index iconHow to Preselect Audit Classes
index iconNew Feature – Refreshing the auditset SMF Service After Changing Event-Class Mappings
Audit Controlindex iconHow to Compress Audit Files on a Dedicated File System
Audit Reviewindex iconNew Feature – Displaying Auditing Data Graphically
audit service andindex iconRights Profiles for Administering Auditing
Mail Managementindex iconHow to Configure the audit_warn Email Alias
Rights Delegationindex iconHow to Audit All Commands by Users
Service Configuration
index iconHow to Add an Audit Class
index iconNew Feature – Refreshing the auditset SMF Service After Changing Event-Class Mappings
ZFS File System Managementindex iconHow to Compress Audit Files on a Dedicated File System
ZFS Storage Managementindex iconHow to Compress Audit Files on a Dedicated File System
roleadd command
adding annotationsindex iconConfiguring Annotation for Specific Users
rolemod command
adding annotationsindex iconConfiguring Annotation for Specific Users
root role
crontabauditing error messageindex iconcrontab File Editing Fails With Audit Context Error

S

scripts
audit_warn script
index iconAudit Service Man Pages
index iconHow to Configure the audit_warn Email Alias
monitoring audit files exampleindex iconAuditing Efficiently
processing praudit outputindex iconProcessing praudit Output With a Script
security
auditing and
index iconHow Is Auditing Related to Security?
index iconAbout Auditing in Oracle Solaris
selecting
actions to be auditedindex iconSelecting What Is Audited
audit classesindex iconHow to Preselect Audit Classes
audit recordsindex iconSelecting Audit Events to Be Displayed
events from audit trailindex iconSelecting Audit Events to Be Displayed
seq audit policy
and sequence tokenindex iconEffects of Audit Policy Options
descriptionindex iconEffects of Audit Policy Options
Service Configuration rights profile
index iconHow to Add an Audit Class
index iconNew Feature – Refreshing the auditset SMF Service After Changing Event-Class Mappings
Session Annotations  Seeindex iconannotations
session ID
auditindex iconProcess Audit Characteristics
setting
ACL audit entriesindex iconSetting Audit ACL Entries
(example of)index iconSetting Audit ACL Entries
arge policyindex iconHow to Audit All Commands by Users
argv policyindex iconHow to Audit All Commands by Users
audit policyindex iconHow to Change Audit Policy
sftp command
auditing file transfersindex iconHow to Audit FTP and SFTP File Transfers
site security policies
auditindex iconHow to Audit Significant Events in Addition to Login/Logout
size of audit files
reducingindex iconHow to Merge Audit Files From the Audit Trail
reducing storage-space requirementsindex iconAuditing Efficiently
SMF
auditd serviceindex iconAudit Service
square brackets ([])
auditrecord outputindex iconAudit Record Analysis
sstore meta-class
index iconViewing Audit Data in the Statistics Store
index iconsstore Audit Meta-Class
starting auditingindex iconEnabling and Disabling the Audit Service
StatsStore
contains auditing dataindex iconNew Feature – Displaying Auditing Data Graphically
storage costs and auditingindex iconCost of Storage of Audit Data
storage overflow prevention
audit trailindex iconPreventing Audit Trail Overflow
storing
audit files
index iconHow to Create ZFS File Systems for Audit Files
index iconPlanning Disk Space for Audit Records
audit files remotelyindex iconPreparing to Stream Audit Records to Remote Storage
success and failure events
audit class prefixindex iconAudit Class Syntax
svcadm command
restartingindex iconHow to Configure syslog for the audit_syslog Plugin
syslog.conf file
audit.notice levelindex iconHow to Configure syslog for the audit_syslog Plugin
syslog recordsindex iconAbout syslog Audit Records

T

tail command
example of useindex iconAuditing Efficiently
task maps
configuring audit logsindex iconConfiguring the audit_binfile and audit_syslog Plugins
configuring auditingindex iconConfiguring the Audit Service
managing audit recordsindex iconManaging Audit Records on Local Systems
planning auditingindex iconConcepts in Planning Auditing
temporary audit policy
active audit policyindex iconHow to Change Audit Policy
settingindex iconSetting a Temporary Audit Policy
terminal ID
auditindex iconProcess Audit Characteristics
time stamps
audit filesindex iconConventions for Binary Audit File Names
trail audit policy
and trailer tokenindex iconEffects of Audit Policy Options
descriptionindex iconEffects of Audit Policy Options
troubleshooting
active pluginindex iconNo Audit Plugin Active
audit classes
customized
index iconNo Assigned Events to Audit Class
index iconCreating a New Audit Class
auditingindex iconTroubleshooting the Audit Service
praudit commandindex iconProcessing praudit Output With a Script
too many audit records in queueindex iconTuning the Audit Queue Buffer Size

U

UDP
using for remote audit logsindex iconAudit Logs
user ID
audit ID andindex iconProcess Audit Characteristics
user ID and audit IDindex iconWhat Is Auditing?
user_attr database
adding annotationsindex iconConfiguring Annotation for Specific Users
listing user exceptions to audit preselectionindex iconHow to Configure a User's Audit Characteristics
user_attr file
exceptions to system-wide audit classesindex iconAudit Classes and Preselection
useradd command
adding annotationsindex iconConfiguring Annotation for Specific Users
useradm command
adding annotationsindex iconConfiguring Annotation for Specific Users
userattr command
displaying exceptions to system-wide auditingindex iconDisplaying Audit Service Defaults
usermod command
adding annotationsindex iconConfiguring Annotation for Specific Users
audit_flags keywordindex iconHow to Configure a User's Audit Characteristics
exceptions to system-wide auditingindex iconAudit Classes and Preselection
specifying user exceptions to audit preselectionindex iconHow to Configure a User's Audit Characteristics
using caret (^) prefix for audit_flags exceptionindex iconModifying Audit Preselection Exception for One User
users
auditing all commandsindex iconHow to Audit All Commands by Users
auditing privilegedindex iconHow to Audit Significant Events in Addition to Login/Logout
creating rights profile for a groupindex iconCreating a Rights Profile for a Group of Users
modifying audit preselection mask ofindex iconHow to Configure a User's Audit Characteristics

V

/var/adm/auditlog file
text audit recordsindex iconHow to Configure syslog for the audit_syslog Plugin
/var/adm/messages file
troubleshooting auditingindex iconTroubleshooting the Audit Service
/var/log/syslog file
troubleshooting auditingindex iconTroubleshooting the Audit Service
variables
adding to audit recordindex iconEffects of Audit Policy Options
verified boot
auditing impact ofindex iconNew Feature – Auditing Verified Boot
viewing
audit record definitionsindex iconDisplaying Audit Record Definitions
binary audit filesindex iconViewing the Contents of Binary Audit Files
XML audit recordsindex iconPutting Audit Records in XML Format

X

XML format
audit recordsindex iconPutting Audit Records in XML Format

Z

ZFS File System Management rights profileindex iconHow to Compress Audit Files on a Dedicated File System
creating audit file systemsindex iconHow to Create ZFS File Systems for Audit Files
ZFS file systems
creating for binary audit filesindex iconHow to Create ZFS File Systems for Audit Files
ZFS Storage Management rights profileindex iconHow to Compress Audit Files on a Dedicated File System
creating pools for audit filesindex iconHow to Create ZFS File Systems for Audit Files
zonename audit policy
descriptionindex iconEffects of Audit Policy Options
using
index iconAuditing and Oracle Solaris Zones
index iconImplementing One Audit Service Per Zone
zones
auditing and
index iconAuditing and Oracle Solaris Zones
index iconAuditing on a System With Oracle Solaris Zones
configuring auditing in global zoneindex iconSetting the ahlt Audit Policy Option
perzone audit policy
index iconAuditing and Oracle Solaris Zones
index iconImplementing One Audit Service Per Zone
index iconAuditing on a System With Oracle Solaris Zones
planning auditing inindex iconPlanning Auditing in Zones
zonename audit policy
index iconAuditing and Oracle Solaris Zones
index iconImplementing One Audit Service Per Zone